Data Protection Act 2018 (Section 159(2)) Rules 2018 (Rep. of Ireland)

Overview

These Rules, made under section 159(2) of Ireland’s Data Protection Act 2018, regulate how processors may handle personal data contained in Circuit Court records. They give legal effect to Article 28(3) of the GDPR and Article 22(3) of Directive (EU) 2016/680, ensuring data is managed in a lawful, secure, and accountable way. The Rules apply specifically to data processing performed on behalf of the Circuit Court when it acts in a judicial capacity.

The Circuit Court Rules Committee issued these rules to clarify how personal data contained in court records must be processed when the Circuit Court is the controller. The rules cover the duration, purpose, types of data, categories of data subjects, and the obligations of processors, including court staff and external contractors. They are intended to ensure lawful processing while respecting judicial independence and the confidentiality of court proceedings.

Benefits of compliance:

• Reduces legal liability by ensuring court personnel and contractors meet GDPR and national law standards
• Supports the fair administration of justice by safeguarding the integrity of sensitive personal data
• Enables lawful data sharing for appeals, investigations, and press access under strict conditions
• Demonstrates accountability in the court system’s data handling procedures
• Protects data subject rights while respecting judicial process and independence